diff -r -c samba-2.0.7/source/Makefile.in samba-2.0.7-dce-2.0/source/Makefile.in *** samba-2.0.7/source/Makefile.in Tue Apr 25 16:06:11 2000 --- samba-2.0.7-dce-2.0/source/Makefile.in Wed Jun 14 17:29:47 2000 *************** *** 140,152 **** locking/shmem.o locking/shmem_sysv.o PASSDB_OBJ = passdb/passdb.o passdb/smbpassfile.o passdb/smbpass.o \ ! passdb/pass_check.o passdb/ldap.o passdb/nispass.o passdb/smbpasschange.o PROFILE_OBJ = profile/profile.o SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \ smbd/dfree.o smbd/dir.o smbd/password.o smbd/conn.o smbd/fileio.o \ ! smbd/ipc.o smbd/mangle.o smbd/negprot.o \ smbd/message.o smbd/nttrans.o smbd/pipes.o smbd/predict.o \ smbd/$(QUOTAOBJS) smbd/reply.o smbd/trans2.o smbd/uid.o \ smbd/dosmode.o smbd/filename.o smbd/open.o smbd/close.o smbd/blocking.o \ --- 140,152 ---- locking/shmem.o locking/shmem_sysv.o PASSDB_OBJ = passdb/passdb.o passdb/smbpassfile.o passdb/smbpass.o \ ! passdb/pass_check.o passdb/dce_pass.o passdb/ldap.o passdb/nispass.o passdb/smbpasschange.o PROFILE_OBJ = profile/profile.o SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \ smbd/dfree.o smbd/dir.o smbd/password.o smbd/conn.o smbd/fileio.o \ ! smbd/dcedfs.o smbd/ipc.o smbd/mangle.o smbd/negprot.o \ smbd/message.o smbd/nttrans.o smbd/pipes.o smbd/predict.o \ smbd/$(QUOTAOBJS) smbd/reply.o smbd/trans2.o smbd/uid.o \ smbd/dosmode.o smbd/filename.o smbd/open.o smbd/close.o smbd/blocking.o \ *************** *** 177,183 **** $(LIB_OBJ) SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ ! web/swat.o $(LIBSMB_OBJ) $(LOCKING_OBJ) \ $(PARAM_OBJ) $(PASSDB_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ $(UBIQX_OBJ) $(LIB_OBJ) $(PRINTING_OBJ) --- 177,183 ---- $(LIB_OBJ) SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ ! 
smbd/dcedfs.o web/swat.o $(LIBSMB_OBJ) $(LOCKING_OBJ) \ $(PARAM_OBJ) $(PASSDB_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ $(UBIQX_OBJ) $(LIB_OBJ) $(PRINTING_OBJ) *************** *** 205,213 **** $(LIB_OBJ) SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \ ! $(UBIQX_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(LIB_OBJ) RPCCLIENT_OBJ = rpcclient/rpcclient.o \ rpcclient/display.o \ rpcclient/cmd_lsarpc.o \ rpcclient/cmd_wkssvc.o \ --- 205,214 ---- $(LIB_OBJ) SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \ ! smbd/dcedfs.o $(UBIQX_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(LIB_OBJ) RPCCLIENT_OBJ = rpcclient/rpcclient.o \ + smbd/dcedfs.o \ rpcclient/display.o \ rpcclient/cmd_lsarpc.o \ rpcclient/cmd_wkssvc.o \ diff -r -c samba-2.0.7/source/acconfig.h samba-2.0.7-dce-2.0/source/acconfig.h *** samba-2.0.7/source/acconfig.h Tue Apr 25 16:06:11 2000 --- samba-2.0.7-dce-2.0/source/acconfig.h Wed Jun 14 15:37:54 2000 *************** *** 17,22 **** --- 17,25 ---- #undef HAVE_SHORT_INO_T #undef WITH_SMBWRAPPER #undef WITH_AFS + #undef WITH_DCE + #undef WITH_DCE_REFRESH + #undef WITH_DCE_ENCRYPTED #undef WITH_DFS #undef SUNOS5 #undef SUNOS4 diff -r -c samba-2.0.7/source/configure samba-2.0.7-dce-2.0/source/configure *** samba-2.0.7/source/configure Tue Apr 25 16:06:39 2000 --- samba-2.0.7-dce-2.0/source/configure Wed Jun 14 16:50:15 2000 *************** *** 21,26 **** --- 21,35 ---- --with-afs Include AFS support --without-afs Don't include AFS support (default)" ac_help="$ac_help + --with-dce Include DCE support + --without-dce Don't include DCE support (default)" + ac_help="$ac_help + --with-dce-refresh Include DCE credential refresh support + --without-dce-refresh Don't include DCE credential refresh support (default)" + ac_help="$ac_help + --with-dce-encrypted Include DCE support for encrypted passwords + --without-dce-encrypted Don't include DCE support for encrypted passwords (default)" + ac_help="$ac_help --with-dfs Include 
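Review bot: `smbd/dcedfs.o` is added by hand to `SWAT_OBJ` in this hunk, and again to `SMBPASSWD_OBJ` and `RPCCLIENT_OBJ` in the following hunk, with nothing saying why the SWAT CGI and the command-line tools now link the DCE login code. It looks as if this is only to satisfy the `dce_auth` reference that `passdb/pass_check.o` gains later in this patch under `WITH_DCE`. If every program that needs it already links `$(PASSDB_OBJ)`, listing the object once there, next to `passdb/dce_pass.o`, avoids a per-program list that is easy to forget. Otherwise add a comment such as `# smbd/dcedfs.o: dce_auth() is referenced from passdb/pass_check.o when WITH_DCE is set` above each list.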
DFS support --without-dfs Don't include DFS support (default)" ac_help="$ac_help *************** *** 9697,9711 **** ################################################# ! # check for the DFS auth system ! echo $ac_n "checking whether to use DFS auth""... $ac_c" 1>&6 ! echo "configure:9703: checking whether to use DFS auth" >&5 # Check whether --with-dfs or --without-dfs was given. if test "${with_dfs+set}" = set; then withval="$with_dfs" case "$withval" in yes) echo "$ac_t""yes" 1>&6 cat >> confdefs.h <<\EOF #define WITH_DFS 1 EOF --- 9706,9799 ---- ################################################# ! # Check whether --with-dce or --without-dce was given. ! # check for the DCE auth system ! echo $ac_n "checking whether to use DCE auth""... $ac_c" 1>&6 ! echo "configure:8790: checking whether to use DCE auth" >&5 ! if test "${with_dce+set}" = set; then ! withval="$with_dce" ! case "$withval" in ! yes) ! echo "$ac_t""yes" 1>&6 ! LIBS="-ldce -lpthread $LIBS" ! CPPFLAGS="$CPPFLAGS -D_REENTRANT" ! cat >> confdefs.h <<\EOF ! #define WITH_DCE 1 ! EOF ! ! ;; ! *) ! echo "$ac_t""no" 1>&6 ! ;; ! esac ! else ! echo "$ac_t""no" 1>&6 ! ! fi ! ! ! ################################################# ! # check for the DCE credential refresh support ! echo $ac_n "checking whether to use DCE credential refresh""... $ac_c" 1>&6 ! echo "configure:8791: checking whether to use DCE credential refresh" >&5 ! # Check whether --with-dce-refresh or --without-dce-refresh was given. ! if test "${with_dce_refresh+set}" = set; then ! withval="$with_dce_refresh" ! case "$withval" in ! yes) ! echo "$ac_t""yes" 1>&6 ! cat >> confdefs.h <<\EOF ! #define WITH_DCE_REFRESH 1 ! EOF ! ! ;; ! *) ! echo "$ac_t""no" 1>&6 ! ;; ! esac ! else ! echo "$ac_t""no" 1>&6 ! ! fi ! ! ! ################################################# ! # check for the DCE auth system w/encrypted passwords ! echo $ac_n "checking whether to use DCE auth encrypted""... $ac_c" 1>&6 ! 
echo "configure:8791: checking whether to use DCE auth encrypted" >&5 ! # Check whether --with-dce-encrypted or --without-dce-encrypted was given. ! if test "${with_dce_encrypted+set}" = set; then ! withval="$with_dce_encrypted" ! case "$withval" in ! yes) ! echo "$ac_t""yes" 1>&6 ! LIBS="-lsec_auth $LIBS" ! cat >> confdefs.h <<\EOF ! #define WITH_DCE_ENCRYPTED 1 ! EOF ! ! ;; ! *) ! echo "$ac_t""no" 1>&6 ! ;; ! esac ! else ! echo "$ac_t""no" 1>&6 ! ! fi ! ! ! ################################################# ! # check for DFS ! echo $ac_n "checking whether to use DFS""... $ac_c" 1>&6 ! echo "configure:8792: checking whether to use DFS" >&5 # Check whether --with-dfs or --without-dfs was given. if test "${with_dfs+set}" = set; then withval="$with_dfs" case "$withval" in yes) echo "$ac_t""yes" 1>&6 + LIBS="$LIBS -ldcedfs" cat >> confdefs.h <<\EOF #define WITH_DFS 1 EOF diff -r -c samba-2.0.7/source/include/config.h.in samba-2.0.7-dce-2.0/source/include/config.h.in *** samba-2.0.7/source/include/config.h.in Tue Apr 25 16:06:46 2000 --- samba-2.0.7-dce-2.0/source/include/config.h.in Wed Jun 14 15:44:22 2000 *************** *** 83,88 **** --- 83,91 ---- #undef HAVE_SHORT_INO_T #undef WITH_SMBWRAPPER #undef WITH_AFS + #undef WITH_DCE + #undef WITH_DCE_REFRESH + #undef WITH_DCE_ENCRYPTED #undef WITH_DFS #undef SUNOS5 #undef SUNOS4 diff -r -c samba-2.0.7/source/include/proto.h samba-2.0.7-dce-2.0/source/include/proto.h *** samba-2.0.7/source/include/proto.h Tue Apr 25 16:06:48 2000 --- samba-2.0.7-dce-2.0/source/include/proto.h Wed Jun 14 15:48:23 2000 *************** *** 1273,1278 **** --- 1273,1282 ---- BOOL (*sfunc)(char *), BOOL (*pfunc)(char *, char *) ); + /*The following definitions come from passdb/dce_pass.c */ + + struct passdb_ops *dce_initialize_password_db(void); + /*The following definitions come from passdb/ldap.c */ struct passdb_ops *ldap_initialize_password_db(void); diff -r -c samba-2.0.7/source/include/smb.h samba-2.0.7-dce-2.0/source/include/smb.h *** 
samba-2.0.7/source/include/smb.h Tue Apr 25 16:06:49 2000 --- samba-2.0.7-dce-2.0/source/include/smb.h Wed Jun 14 15:48:45 2000 *************** *** 1468,1478 **** int slprintf(); #endif - #ifdef WITH_DFS - void dfs_unlogin(void); - extern int dcelogin_atmost_once; - #endif - #ifdef NOSTRDUP char *strdup(char *s); #endif --- 1468,1473 ---- diff -r -c samba-2.0.7/source/passdb/dce_pass.c samba-2.0.7-dce-2.0/source/passdb/dce_pass.c *** samba-2.0.7/source/passdb/dce_pass.c Mon Jun 19 14:39:12 2000 --- samba-2.0.7-dce-2.0/source/passdb/dce_pass.c Wed Jun 14 16:26:05 2000 *************** *** 0 **** --- 1,138 ---- + #include "includes.h" + + #ifdef WITH_DCE_ENCRYPTED + + extern int DEBUGLEVEL; + + /*************************************************************** + Start to enumerate the smbpasswd list. Returns a void pointer + to ensure no modification outside this module. + ****************************************************************/ + + static void *startdcesmbpwent(BOOL update) + { + return NULL; + } + + /*************************************************************** + End enumeration of the smbpasswd list. + ****************************************************************/ + + static void enddcesmbpwent(void *vp) + { + } + + /************************************************************************* + Routine to return the next entry in the smbpasswd list. + *************************************************************************/ + static struct smb_passwd *getdcesmbpwent(void *vp) + { + return NULL; + } + + /************************************************************************* + Return the current position in the smbpasswd list as an SMB_BIG_UINT. + This must be treated as an opaque token. 
+ *************************************************************************/ + + static SMB_BIG_UINT getdcesmbpwpos(void *vp) + { + return 0; + } + + /************************************************************************* + Set the current position in the smbpasswd list from an SMB_BIG_UINT. + This must be treated as an opaque token. + *************************************************************************/ + + static BOOL setdcesmbpwpos(void *vp, SMB_BIG_UINT tok) + { + return 0; + } + + + struct smb_passwd *getdcesmbpwuid(uid_t smb_userid) + { + static struct smb_passwd pwd; + struct passwd *unix_pwd; + static pstring user_name; + static unsigned char smbpwd[16] = {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1}; + static unsigned char smbntpwd[16] = {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1}; + + if (!(unix_pwd = getpwuid(smb_userid))) { + DEBUG(0, ("getdcesmbpwuid getpwuid failed for %d", smb_userid)); + return NULL; + } + + strncpy(user_name, unix_pwd->pw_name, 1024); + pwd.smb_name = user_name; + pwd.smb_userid = smb_userid; + pwd.smb_passwd = smbpwd; + pwd.smb_nt_passwd = smbntpwd; + pwd.acct_ctrl = ACB_NORMAL; + + return &pwd; + } + + + struct smb_passwd *getdcesmbpwrid(uint32 user_rid) + { + return getdcesmbpwuid(pdb_user_rid_to_uid(user_rid)); + } + + + struct smb_passwd *getdcesmbpwnam(char *name) + { + static struct smb_passwd pwd; + struct passwd *unix_pwd; + static pstring user_name; + static unsigned char smbpwd[16] = {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1}; + static unsigned char smbntpwd[16] = {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1}; + + if (!(unix_pwd = getpwnam(name))) { + DEBUG(0, ("getdcesmbpwnam getpwnam failed for %s", name)); + return NULL; + } + + strncpy(user_name, name, 1024); + pwd.smb_name = user_name; + pwd.smb_userid = unix_pwd->pw_uid; + pwd.smb_passwd = smbpwd; + pwd.smb_nt_passwd = smbntpwd; + pwd.acct_ctrl = ACB_NORMAL; + + return &pwd; + } + + + static struct passdb_ops dce_ops = { + startdcesmbpwent, + enddcesmbpwent, + getdcesmbpwpos, + setdcesmbpwpos, + 
getdcesmbpwnam, + getdcesmbpwuid, + getdcesmbpwrid, + getdcesmbpwent, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL + }; + + struct passdb_ops *dce_initialize_password_db(void) + { + return &dce_ops; + } + + #else + /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */ + void smbpass_dummy_function(void) { } /* stop some compilers complaining */ + #endif /* USE_SMBPASS_DB */ diff -r -c samba-2.0.7/source/passdb/pass_check.c samba-2.0.7-dce-2.0/source/passdb/pass_check.c *** samba-2.0.7/source/passdb/pass_check.c Tue Jul 20 18:25:12 1999 --- samba-2.0.7-dce-2.0/source/passdb/pass_check.c Wed Jun 14 15:56:56 2000 *************** *** 167,463 **** } #endif - - #ifdef WITH_DFS - - #include - #include - - /***************************************************************** - This new version of the DFS_AUTH code was donated by Karsten Muuss - . It fixes the following problems with the - old code : - - - Server credentials may expire - - Client credential cache files have wrong owner - - purge_context() function is called with invalid argument - - This new code was modified to ensure that on exit the uid/gid is - still root, and the original directory is restored. JRA. 
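Review bot: `getdcesmbpwuid` and `getdcesmbpwnam` return an `smb_passwd` whose `smb_passwd` and `smb_nt_passwd` both point at the constant array `{1,1,...,1}`, so every account appears to carry the same fixed LM and NT hash. That is only safe if no caller ever verifies a client response against these fields. The callers are not on this page, so please confirm the encrypted-password path always goes through `dce_smb_password_check` when `WITH_DCE_ENCRYPTED` is set, and record it above the arrays, e.g. `/* placeholder only, never a valid credential; responses are verified by dce_smb_password_check() */`. Separately, `strncpy(user_name, ..., 1024)` leaves `user_name` unterminated when the source is 1024 bytes or longer (assuming `pstring` is a 1024-byte array, as the literal suggests); copy at most 1023 bytes and then set `user_name[1023] = '\0';` in both functions. The closing `#endif /* USE_SMBPASS_DB */` comment should name `WITH_DCE_ENCRYPTED`.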
- ******************************************************************/ - - sec_login_handle_t my_dce_sec_context; - int dcelogin_atmost_once = 0; - - /******************************************************************* - check on a DCE/DFS authentication - ********************************************************************/ - static BOOL dfs_auth(char *user,char *password) - { - error_status_t err; - int err2; - int prterr; - signed32 expire_time, current_time; - boolean32 password_reset; - struct passwd *pw; - sec_passwd_rec_t passwd_rec; - sec_login_auth_src_t auth_src = sec_login_auth_src_network; - unsigned char dce_errstr[dce_c_error_string_len]; - gid_t egid; - - if (dcelogin_atmost_once) return(False); - - #ifdef HAVE_CRYPT - /* - * We only go for a DCE login context if the given password - * matches that stored in the local password file.. - * Assumes local passwd file is kept in sync w/ DCE RGY! - */ - - if (strcmp((char *)crypt(password,this_salt),this_crypted)) { - return(False); - } - #endif - - sec_login_get_current_context(&my_dce_sec_context, &err); - if (err != error_status_ok ) { - dce_error_inq_text(err, dce_errstr, &err2); - DEBUG(0,("DCE can't get current context. %s\n", dce_errstr)); - - return(False); - } - - sec_login_certify_identity(my_dce_sec_context, &err); - if (err != error_status_ok) { - dce_error_inq_text(err, dce_errstr, &err2); - DEBUG(0,("DCE can't get current context. %s\n", dce_errstr)); - - return(False); - } - - sec_login_get_expiration(my_dce_sec_context, &expire_time, &err); - if (err != error_status_ok) { - dce_error_inq_text(err, dce_errstr, &err2); - DEBUG(0,("DCE can't get expiration. 
%s\n", dce_errstr)); - - return(False); - } - - time(¤t_time); - - if (expire_time < (current_time + 60)) { - struct passwd *pw; - sec_passwd_rec_t *key; - - sec_login_get_pwent(my_dce_sec_context, - (sec_login_passwd_t*)&pw, &err); - if (err != error_status_ok ) { - dce_error_inq_text(err, dce_errstr, &err2); - DEBUG(0,("DCE can't get pwent. %s\n", dce_errstr)); - - return(False); - } - - sec_login_refresh_identity(my_dce_sec_context, &err); - if (err != error_status_ok) { - dce_error_inq_text(err, dce_errstr, &err2); - DEBUG(0,("DCE can't refresh identity. %s\n", - dce_errstr)); - - return(False); - } - - sec_key_mgmt_get_key(rpc_c_authn_dce_secret, NULL, - (unsigned char *)pw->pw_name, - sec_c_key_version_none, - (void**)&key, &err); - if (err != error_status_ok) { - dce_error_inq_text(err, dce_errstr, &err2); - DEBUG(0,("DCE can't get key for %s. %s\n", - pw->pw_name, dce_errstr)); - - return(False); - } - - sec_login_valid_and_cert_ident(my_dce_sec_context, key, - &password_reset, &auth_src, - &err); - if (err != error_status_ok ) { - dce_error_inq_text(err, dce_errstr, &err2); - DEBUG(0,("DCE can't validate and certify identity for %s. %s\n", - pw->pw_name, dce_errstr)); - } - - sec_key_mgmt_free_key(key, &err); - if (err != error_status_ok ) { - dce_error_inq_text(err, dce_errstr, &err2); - DEBUG(0,("DCE can't free key.\n", dce_errstr)); - } - } - - if (sec_login_setup_identity((unsigned char *)user, - sec_login_no_flags, - &my_dce_sec_context, - &err) == 0) { - dce_error_inq_text(err, dce_errstr, &err2); - DEBUG(0,("DCE Setup Identity for %s failed: %s\n", - user,dce_errstr)); - return(False); - } - - sec_login_get_pwent(my_dce_sec_context, - (sec_login_passwd_t*)&pw, &err); - if (err != error_status_ok) { - dce_error_inq_text(err, dce_errstr, &err2); - DEBUG(0,("DCE can't get pwent. 
%s\n", dce_errstr)); - - return(False); - } - - sec_login_purge_context(&my_dce_sec_context, &err); - if (err != error_status_ok) { - dce_error_inq_text(err, dce_errstr, &err2); - DEBUG(0,("DCE can't purge context. %s\n", dce_errstr)); - - return(False); - } - - /* - * NB. I'd like to change these to call something like become_user() - * instead but currently we don't have a connection - * context to become the correct user. This is already - * fairly platform specific code however, so I think - * this should be ok. I have added code to go - * back to being root on error though. JRA. - */ - - egid = getegid(); - - if (set_effective_gid(pw->pw_gid) != 0) { - DEBUG(0,("Can't set egid to %d (%s)\n", - pw->pw_gid, strerror(errno))); - return False; - } - - if (set_effective_uid(pw->pw_uid) != 0) { - set_effective_gid(egid); - DEBUG(0,("Can't set euid to %d (%s)\n", - pw->pw_uid, strerror(errno))); - return False; - } - - if (sec_login_setup_identity((unsigned char *)user, - sec_login_no_flags, - &my_dce_sec_context, - &err) == 0) { - dce_error_inq_text(err, dce_errstr, &err2); - DEBUG(0,("DCE Setup Identity for %s failed: %s\n", - user,dce_errstr)); - goto err; - } - - sec_login_get_pwent(my_dce_sec_context, - (sec_login_passwd_t*)&pw, &err); - if (err != error_status_ok ) { - dce_error_inq_text(err, dce_errstr, &err2); - DEBUG(0,("DCE can't get pwent. 
%s\n", dce_errstr)); - goto err; - } - - passwd_rec.version_number = sec_passwd_c_version_none; - passwd_rec.pepper = NULL; - passwd_rec.key.key_type = sec_passwd_plain; - passwd_rec.key.tagged_union.plain = (idl_char *)password; - - sec_login_validate_identity(my_dce_sec_context, - &passwd_rec, &password_reset, - &auth_src, &err); - if (err != error_status_ok ) { - dce_error_inq_text(err, dce_errstr, &err2); - DEBUG(0,("DCE Identity Validation failed for principal %s: %s\n", - user,dce_errstr)); - goto err; - } - - sec_login_certify_identity(my_dce_sec_context, &err); - if (err != error_status_ok) { - dce_error_inq_text(err, dce_errstr, &err2); - DEBUG(0,("DCE certify identity failed: %s\n", dce_errstr)); - goto err; - } - - if (auth_src != sec_login_auth_src_network) { - DEBUG(0,("DCE context has no network credentials.\n")); - } - - sec_login_set_context(my_dce_sec_context, &err); - if (err != error_status_ok) { - dce_error_inq_text(err, dce_errstr, &err2); - DEBUG(0,("DCE login failed for principal %s, cant set context: %s\n", - user,dce_errstr)); - - sec_login_purge_context(&my_dce_sec_context, &err); - goto err; - } - - sec_login_get_pwent(my_dce_sec_context, - (sec_login_passwd_t*)&pw, &err); - if (err != error_status_ok) { - dce_error_inq_text(err, dce_errstr, &err2); - DEBUG(0,("DCE can't get pwent. %s\n", dce_errstr)); - goto err; - } - - DEBUG(0,("DCE login succeeded for principal %s on pid %d\n", - user, getpid())); - - DEBUG(3,("DCE principal: %s\n" - " uid: %d\n" - " gid: %d\n", - pw->pw_name, pw->pw_uid, pw->pw_gid)); - DEBUG(3,(" info: %s\n" - " dir: %s\n" - " shell: %s\n", - pw->pw_gecos, pw->pw_dir, pw->pw_shell)); - - sec_login_get_expiration(my_dce_sec_context, &expire_time, &err); - if (err != error_status_ok) { - dce_error_inq_text(err, dce_errstr, &err2); - DEBUG(0,("DCE can't get expiration. 
%s\n", dce_errstr)); - goto err; - } - - set_effective_uid(0); - set_effective_gid(0); - - DEBUG(0,("DCE context expires: %s",asctime(localtime(&expire_time)))); - - dcelogin_atmost_once = 1; - return (True); - - err: - - /* Go back to root, JRA. */ - set_effective_uid(0); - set_effective_gid(egid); - return(False); - } - - void dfs_unlogin(void) - { - error_status_t err; - int err2; - unsigned char dce_errstr[dce_c_error_string_len]; - - sec_login_purge_context(&my_dce_sec_context, &err); - if (err != error_status_ok) { - dce_error_inq_text(err, dce_errstr, &err2); - DEBUG(0,("DCE purge login context failed for server instance %d: %s\n", - getpid(), dce_errstr)); - } - } - #endif - #ifdef KRB5_AUTH #include --- 167,172 ---- *************** *** 693,701 **** if (afs_auth(this_user,password)) return(True); #endif /* WITH_AFS */ ! #ifdef WITH_DFS ! if (dfs_auth(this_user,password)) return(True); ! #endif /* WITH_DFS */ #ifdef KRB5_AUTH if (krb5_auth(this_user,password)) return(True); --- 402,410 ---- if (afs_auth(this_user,password)) return(True); #endif /* WITH_AFS */ ! #ifdef WITH_DCE ! if (dce_auth(this_user,password)) return(True); ! 
#endif /* WITH_DCE */ #ifdef KRB5_AUTH if (krb5_auth(this_user,password)) return(True); diff -r -c samba-2.0.7/source/passdb/passdb.c samba-2.0.7-dce-2.0/source/passdb/passdb.c *** samba-2.0.7/source/passdb/passdb.c Tue Apr 25 16:07:01 2000 --- samba-2.0.7-dce-2.0/source/passdb/passdb.c Wed Jun 14 15:58:09 2000 *************** *** 74,79 **** --- 74,81 ---- #ifdef WITH_NISPLUS pdb_ops = nisplus_initialize_password_db(); + #elif defined(WITH_DCE_ENCRYPTED) + pdb_ops = dce_initialize_password_db(); #elif defined(WITH_LDAP) pdb_ops = ldap_initialize_password_db(); #else diff -r -c samba-2.0.7/source/smbd/dcedfs.c samba-2.0.7-dce-2.0/source/smbd/dcedfs.c *** samba-2.0.7/source/smbd/dcedfs.c Mon Jun 19 14:33:58 2000 --- samba-2.0.7-dce-2.0/source/smbd/dcedfs.c Fri Jun 16 16:40:43 2000 *************** *** 0 **** --- 1,715 ---- + #include "includes.h" + + extern int DEBUGLEVEL; + + #ifdef WITH_DCE + + #include + #include + #include + + static sec_login_handle_t login_context = NULL; + + #ifdef WITH_DCE_REFRESH + static sec_passwd_des_key_t refresh_deskey; + static sec_passwd_str_t refresh_plaintext; + static sec_passwd_type_t passwd_type; + + static pthread_addr_t refresh_context() + { + signed32 expiration_time; + time_t now; + struct timespec sleep_interval; + error_status_t dce_st; + dce_error_string_t dce_error; + int dce_error_st; + sec_login_auth_src_t auth_src; + unsigned32 kvno_worked; + boolean32 reset_passwd; + sec_passwd_str_t tmp_pw; + sec_passwd_rec_t passwd_rec; + + while (1) + { + now = time(NULL); + + sec_login_get_expiration(login_context, &expiration_time, &dce_st); + if (dce_st && (dce_st != sec_login_s_not_certified)) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, ("refresh_context: sec_login_get_expiration failed - %s (%d)\n", dce_error, dce_st)); + expiration_time = now + 20 * 60; + } + + sleep_interval.tv_sec = expiration_time - now - 10 * 60; + sleep_interval.tv_nsec = 0; + + pthread_delay_np(&sleep_interval); + + 
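Review bot: The `dce_auth` call added here replaces `dfs_auth`, which (in the lines removed by the previous hunk) switched the effective gid and uid to the user before validating the identity and setting the login context, and went back to root afterwards. `dce_auth` as added in smbd/dcedfs.c on this page does neither. The removed header comment listed "Client credential cache files have wrong owner" among the problems that code fixed, so please confirm that nothing created during `sec_login_set_context` ends up owned by root. No prototype for `dce_auth` is visible in the proto.h or smb.h hunks either, so this call appears to rely on an implicit declaration; adding `int dce_auth(char *user, char *password);` to proto.h would let the compiler check the arguments. The enclosing function begins and ends outside the hunk.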
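Review bot: With this `#elif`, defining `WITH_DCE_ENCRYPTED` silently takes precedence over `WITH_LDAP` and over the default branch, and `pdb_ops` then points at `dce_ops`. Per passdb/dce_pass.c in this patch, that table's last eleven slots are `NULL` and its enumeration functions are stubs. Any caller that invokes one of those operations through `pdb_ops` without a NULL check would call through a null function pointer; the callers are outside this page, so this needs checking rather than assuming. A comment on the branch such as `/* DCE backend: lookup by name/uid/rid only; all other operations are NULL or stubs */` would record the limitation, and an `#error` when more than one backend macro is defined would make the precedence explicit. The enclosing function starts and ends outside the hunk.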
sec_login_refresh_identity(login_context, &dce_st); + if (dce_st) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, ("refresh_context: sec_login_refresh_identity failed - %s (%d)\n", dce_error, dce_st)); + } + + if (passwd_type == sec_passwd_plain) + { + passwd_rec.key.key_type = sec_passwd_plain; + strncpy( (char *)tmp_pw, refresh_plaintext, sec_passwd_str_max_len); + tmp_pw[sec_passwd_str_max_len] = '\0'; + passwd_rec.key.tagged_union.plain = &(tmp_pw[0]); + } + else + { + passwd_rec.key.key_type = sec_passwd_des; + memcpy(passwd_rec.key.tagged_union.des_key, refresh_deskey, sec_passwd_c_des_key_size); + } + + sec_login_validate_identity(login_context, &passwd_rec, &reset_passwd, &auth_src, &dce_st); + if (dce_st) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, ("refresh_context: sec_login_validate_identity failed - %s (%d)\n", dce_error, dce_st)); + } + } + } + #endif + + int dce_auth(char *user, char *password) + { + error_status_t dce_st; + dce_error_string_t dce_error; + int dce_error_st; + sec_login_auth_src_t auth_src; + sec_passwd_rec_t pw_entry; + boolean32 reset_passwd; + sec_passwd_str_t tmp_pw; + #ifdef WITH_DCE_REFRESH + pthread_t refresh_thread; + #endif + + if (login_context) + { + DEBUG(0, ("dce_auth: smbd process already has DCE credentials, failing authentication for %s\n", user)); + return 0; + } + + if (!sec_login_setup_identity(user, sec_login_no_flags, &login_context, &dce_st)) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, ("dce_auth: unable to setup identity for %s - %s\n", user, dce_error)); + return 0; + } + + pw_entry.version_number = sec_passwd_c_version_none; + pw_entry.pepper = NULL; + pw_entry.key.key_type = sec_passwd_plain; + strncpy( (char *)tmp_pw, password, sec_passwd_str_max_len); + tmp_pw[sec_passwd_str_max_len] = '\0'; + pw_entry.key.tagged_union.plain = &(tmp_pw[0]); + + #ifdef WITH_DCE_REFRESH + passwd_type = sec_passwd_plain; + strncpy( (char 
*)refresh_plaintext, password, sec_passwd_str_max_len); + refresh_plaintext[sec_passwd_str_max_len] = '\0'; + #endif + + if (!sec_login_valid_and_cert_ident(login_context, &pw_entry, &reset_passwd, &auth_src, &dce_st)) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, ("dce_auth: unable to validate identity for %s - %s\n", user, dce_error)); + return 0; + } + + if (auth_src != sec_login_auth_src_network) + { + DEBUG(0, ("dce_auth: no network credentials for %s\n", user)); + sec_login_purge_context(&login_context, &dce_st); + return 0; + } + + sec_login_set_context(login_context, &dce_st); + + if (dce_st) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, ("dce_auth: unable to set context for %s - %s\n", user, dce_error)); + sec_login_purge_context(&login_context, &dce_st); + return 0; + } + + #ifdef WITH_DCE_REFRESH + if (pthread_create(&refresh_thread, pthread_attr_default, refresh_context, NULL)) + DEBUG(0, ("dce_auth: pthread_create failed\n")); + else + pthread_detach(&refresh_thread); + #endif + + return 1; + } + + void dce_cleanup() + { + error_status_t dce_st; + + if (login_context) + sec_login_purge_context(&login_context, &dce_st); + } + + #ifdef WITH_DCE_ENCRYPTED + + #include + #include + + BOOL dce_update_encrypted_pw(char *user, char *password) + { + sec_rgy_login_name_t login_name; + sec_passwd_version_t new_version; + sec_passwd_rec_t key; + error_status_t dce_st; + sec_passwd_str_t pw; + sec_rgy_handle_t rgy_handle; + dce_error_string_t dce_error; + int dce_error_st; + + strncpy(login_name.pname, user, sec_rgy_name_max_len); + strncpy(login_name.gname, "", sec_rgy_name_max_len); + strncpy(login_name.oname, "", sec_rgy_name_max_len); + + key.version_number = sec_passwd_c_version_none; + key.pepper = NULL; + key.key.key_type = sec_passwd_plain; + strncpy( (char *)pw, password, sec_passwd_str_max_len); + pw[sec_passwd_str_max_len] = '\0'; + key.key.tagged_union.plain = &(pw[0]); + + 
sec_rgy_site_open_update(NULL, &rgy_handle, &dce_st); + + sec_rgy_acct_passwd(rgy_handle, &login_name, &key, &key, sec_passwd_des, &new_version, &dce_st); + + if (dce_st != error_status_ok) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, ("dce_update_encrypted_pw: sec_rgy_account_password failed for %s - %s\n", user, dce_error)); + return 0; + } + + return 1; + } + + BOOL dce_smb_password_check(char *user, unsigned char *challenge, unsigned char *response, int hash_type) + { + error_status_t dce_st; + dce_error_string_t dce_error; + int dce_error_st; + sec_login_auth_src_t auth_src; + sec_passwd_rec_t pw_entry; + boolean32 reset_passwd; + sec_passwd_str_t tmp_pw; + rpc_ns_handle_t lookup_context; + rpc_binding_vector_t *binding_vec; + rpc_binding_handle_t handle; + unsigned_char_t *server_princ_name; + sec_rgy_name_t princ_name; + #ifdef WITH_DCE_REFRESH + pthread_t refresh_thread; + #endif + + if (login_context) + { + DEBUG(0, ("dce_auth: smbd process already has DCE credentials, failing authentication for %s\n", user)); + return 0; + } + + rpc_ns_binding_lookup_begin(rpc_c_ns_syntax_default, SEC_AUTH_RPC_GROUP_NAME, + SEC_AUTH_C_IFSPEC, NULL, 5, &lookup_context, + &dce_st); + + if (dce_st) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, ("rpc_ns_binding_lookup_begin failed - %s\n", dce_error)); + return 0; + } + + rpc_ns_binding_lookup_next(lookup_context, &binding_vec, &dce_st); + + if (dce_st) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, ("rpc_ns_binding_lookup_next failed - %s\n", dce_error)); + return 0; + } + + rpc_ns_binding_lookup_done(&lookup_context, &dce_st); + + if (dce_st) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, ("rpc_ns_binding_lookup_done failed - %s\n", dce_error)); + return 0; + } + + while (1) + { + rpc_ns_binding_select(binding_vec, &handle, &dce_st); + + if (dce_st) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, 
("rpc_ns_binding_select failed - %s\n", dce_error)); + rpc_binding_vector_free(&binding_vec, &dce_st); + return 0; + } + + rpc_ep_resolve_binding(handle, SEC_AUTH_C_IFSPEC, &dce_st); + + if (dce_st) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, ("rpc_ep_resolve_binding failed - %s\n", dce_error)); + rpc_binding_free(&handle, &dce_st); + continue; + } + + rpc_mgmt_inq_server_princ_name(handle, rpc_c_authn_dce_secret, + &server_princ_name, &dce_st); + + if (dce_st) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, ("rpc_mgmt_inq_server_princ_name failed - %s\n", dce_error)); + rpc_binding_free(&handle, &dce_st); + continue; + } + + sec_id_parse_name(sec_rgy_default_handle, server_princ_name, NULL, NULL, + princ_name, NULL, &dce_st); + + if (dce_st) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, ("sec_id_parse_name failed - %s\n", dce_error)); + rpc_binding_free(&handle, &dce_st); + continue; + } + + { + int is_member = sec_rgy_pgo_is_member(sec_rgy_default_handle, sec_rgy_domain_group, + "sec_auth", princ_name, &dce_st); + + if (dce_st) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, ("sec_rgy_pgo_is_member failed - %s\n", dce_error)); + rpc_binding_free(&handle, &dce_st); + continue; + } + + if (!is_member) + { + DEBUG(0, ("%s not valid sec_auth server\n", princ_name)); + rpc_binding_free(&handle, &dce_st); + continue; + } + } + + rpc_binding_set_auth_info(handle, server_princ_name, + rpc_c_protect_level_pkt_privacy, rpc_c_authn_dce_secret, + NULL, rpc_c_authz_name, &dce_st); + + if (dce_st) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, ("rpc_binding_set_auth_info failed - %s\n", dce_error)); + rpc_binding_free(&handle, &dce_st); + continue; + } + + if (hash_type == 1) + { + sec_auth_ms_nthash(handle, user, challenge, response, (idl_byte *)&pw_entry.key.tagged_union.des_key, &dce_st); + } + else + { + sec_auth_ms_lmhash(handle, user, challenge, 
response, (idl_byte *)&pw_entry.key.tagged_union.des_key, &dce_st); + } + + if (dce_st == error_status_ok) + { + rpc_binding_free(&handle, &dce_st); + rpc_binding_vector_free(&binding_vec, &dce_st); + break; + } + else if (dce_st == sec_rgy_passwd_invalid || dce_st == sec_rgy_not_authorized || dce_st == sec_rgy_not_implemented) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, ("dce_smb_password_check: sec_auth failed for %s - %s\n", user, dce_error)); + rpc_binding_free(&handle, &dce_st); + rpc_binding_vector_free(&binding_vec, &dce_st); + return 0; + } + else + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, ("dce_smb_password_check: sec_auth failed for %s - %s\n", user, dce_error)); + rpc_binding_free(&handle, &dce_st); + } + } + + if (!sec_login_setup_identity(user, sec_login_no_flags, &login_context, &dce_st)) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, ("dce_smb_password_check: unable to setup identity for %s - %s\n", user, dce_error)); + return 0; + } + + pw_entry.pepper = NULL; + pw_entry.key.key_type = sec_passwd_des; + pw_entry.version_number = sec_passwd_c_version_none; + + #ifdef WITH_DCE_REFRESH + passwd_type = sec_passwd_des; + memcpy(refresh_deskey, pw_entry.key.tagged_union.des_key, sec_passwd_c_des_key_size); + #endif + + if (!sec_login_valid_and_cert_ident(login_context, &pw_entry, &reset_passwd, &auth_src, &dce_st)) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, ("dce_smb_password_check: unable to validate identity for %s - %s\n", user, dce_error)); + sec_login_purge_context(&login_context, &dce_st); + return 0; + } + + if (auth_src != sec_login_auth_src_network) + { + DEBUG(0, ("dce_smb_password_check: no network credentials for %s\n", user)); + sec_login_purge_context(&login_context, &dce_st); + return 0; + } + + sec_login_set_context(login_context, &dce_st); + + if (dce_st) + { + dce_error_inq_text(dce_st, dce_error, &dce_error_st); + DEBUG(0, 
("dce_smb_password_check: unable to set context for %s - %s\n", user, dce_error)); + sec_login_purge_context(&login_context, &dce_st); + return 0; + } + + #ifdef WITH_DCE_REFRESH + if (pthread_create(&refresh_thread, pthread_attr_default, refresh_context, NULL)) + DEBUG(0, ("auth_dce.initialize: pthread_create failed")); + else + pthread_detach(&refresh_thread); + #endif + + return 1; + } + + #endif + + #ifdef WITH_DFS + + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + + #define FLSERVER_H_SIZE 5 + static rpc_binding_handle_t flserver_h[FLSERVER_H_SIZE]; + static int flserver_h_count = 0; + static int flserver_h_index = 0; + + static int path_to_fid(char *path, struct afsFid *fidp) + { + struct afs_ioctl ioctl_data; + + ioctl_data.in_size = 0; + ioctl_data.out_size = sizeof(afsFid); + ioctl_data.out = (caddr_t) fidp; + + return (!pioctl(path, VIOCGETFID, &ioctl_data, 1)); + } + + static int bind_flservers() + { + unsigned32 import_status, group_status, rpc_status; + rpc_ns_handle_t import_context; + rpc_ns_handle_t group_context; + unsigned_char_t *name, *string_binding, *protseq, *network_addr; + uuid_t obj_uuid; + unsigned_char_t *string_uuid; + rpc_binding_handle_t temp_h; + dce_error_string_t dce_error; + int dce_error_st; + + + rpc_ns_entry_object_inq_begin(rpc_c_ns_syntax_default, "/.:/fs", + &import_context, &import_status); + + if (import_status) + { + dce_error_inq_text(import_status, dce_error, &dce_error_st); + DEBUG(0, ("dfsquota: bind_flservers.entry_object_inq_begin failed - %s\n", dce_error)); + return 0; + } + + rpc_ns_entry_object_inq_next(import_context, &obj_uuid, &import_status); + + if (import_status) + { + dce_error_inq_text(import_status, dce_error, &dce_error_st); + DEBUG(0, ("dfsquota: 
bind_flservers.entry_object_inq_next failed - %s\n", dce_error)); + return 0; + } + + rpc_ns_entry_object_inq_done(&import_context, &import_status); + + uuid_to_string(&obj_uuid, &string_uuid, &import_status); + + if (import_status) + { + dce_error_inq_text(import_status, dce_error, &dce_error_st); + DEBUG(0, ("dfsquota: bind_flservers.uuid_to_string failed - %s\n", dce_error)); + return 0; + } + + rpc_ns_group_mbr_inq_begin(rpc_c_ns_syntax_default, "/.:/fs", rpc_c_ns_syntax_default, + &group_context, &group_status); + + if (group_status) + { + dce_error_inq_text(group_status, dce_error, &dce_error_st); + DEBUG(0, ("dfsquota: bind_flservers.group_mbr_inq_begin failed - %s\n", dce_error)); + return 0; + } + + while ((!group_status) && (flserver_h_count < FLSERVER_H_SIZE)) + { + rpc_ns_group_mbr_inq_next(group_context, &name, &group_status); + + if (group_status) + { + if (group_status != rpc_s_no_more_members) + { + dce_error_inq_text(group_status, dce_error, &dce_error_st); + DEBUG(0, ("dfsquota: bind_flservers.group_mbr_inq_next failed - %s\n", dce_error)); + } + continue; + } + + rpc_ns_binding_import_begin(rpc_c_ns_syntax_default, name, NULL, + NULL, &import_context, &import_status); + + if (import_status) + { + dce_error_inq_text(import_status, dce_error, &dce_error_st); + DEBUG(0, ("dfsquota: bind_flservers.binding_import_begin failed - %s\n", dce_error)); + rpc_ns_binding_import_done(&import_context, &import_status); + continue; + } + + rpc_ns_binding_import_next(import_context, &temp_h, &import_status); + + if (import_status) + { + dce_error_inq_text(import_status, dce_error, &dce_error_st); + DEBUG(0, ("dfsquota: bind_flservers.binding_import_next failed - %s\n", dce_error)); + rpc_ns_binding_import_done(&import_context, &import_status); + continue; + } + + rpc_binding_to_string_binding(temp_h, &string_binding, &import_status); + rpc_binding_free(&temp_h, &rpc_status); + + if (import_status) + { + dce_error_inq_text(import_status, dce_error, &dce_error_st); 
+ DEBUG(0, ("dfsquota: bind_flservers.to_string_binding failed - %s\n", dce_error)); + rpc_ns_binding_import_done(&import_context, &import_status); + continue; + } + + rpc_string_binding_parse(string_binding, NULL, &protseq, &network_addr, + NULL, NULL, &import_status); + rpc_string_free(&string_binding, &rpc_status); + + if (import_status) + { + dce_error_inq_text(import_status, dce_error, &dce_error_st); + DEBUG(0, ("dfsquota: bind_flservers.binding_parse failed - %s\n", dce_error)); + rpc_ns_binding_import_done(&import_context, &import_status); + continue; + } + + rpc_string_binding_compose(string_uuid, + protseq, network_addr, NULL, NULL, + &string_binding, &import_status); + rpc_string_free(&protseq, &rpc_status); + rpc_string_free(&network_addr, &rpc_status); + + if (import_status) + { + dce_error_inq_text(import_status, dce_error, &dce_error_st); + DEBUG(0, ("dfsquota: bind_flservers.binding_compose failed - %s\n", dce_error)); + rpc_ns_binding_import_done(&import_context, &import_status); + continue; + } + + rpc_binding_from_string_binding(string_binding, + &flserver_h[flserver_h_count], + &import_status); + rpc_string_free(&string_binding, &rpc_status); + + if (import_status) + { + dce_error_inq_text(import_status, dce_error, &dce_error_st); + DEBUG(0, ("dfsquota: bind_flservers.from_string_binding failed - %s\n", dce_error)); + } + else + flserver_h_count++; + + rpc_ns_binding_import_done(&import_context, &import_status); + } + rpc_ns_group_mbr_inq_done(&group_context, &group_status); + rpc_string_free(&string_uuid, &import_status); + + return flserver_h_count; + } + + + BOOL disk_quotas(char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize) + { + struct afsFid fidp; + struct vldbentry fl_entry; + unsigned32 status, status2; + unsigned_char_t *string_binding; + rpc_binding_handle_t ftserver_h; + struct ftserver_status ft_status; + struct afsHyper hyper; + unsigned32 ft_quota, ft_used; + int index; + + if (flserver_h_count == 0) + if 
(!bind_flservers()) + { + DEBUG(0, ("dfsquota: retrying flserver bind\n")); + if (!bind_flservers()) + { + DEBUG(0, ("dfsquota: unable to bind to any flservers\n")); + return 0; + } + } + + if (!path_to_fid(path, &fidp)) + { + DEBUG(0, ("dfsquota: path_to_fid failed for %s\n", path)); + return 0; + } + + for(index = 0; index < flserver_h_count; index++) + { + int raised = 0; + + TRY + status = VL_GetEntryByID(flserver_h[flserver_h_index], &fidp.Volume, -1, &fl_entry); + CATCH_ALL + status = THIS_CATCH->status.status; + DEBUG(0, ("dfsquota: flserver[%d] rpc failed - %d\n", flserver_h_index, status)); + raised = 1; + ENDTRY + + if (!raised) + { + if (status) + { + DEBUG(0, ("dfsquota: flserver call failed - %d\n", status)); + return 0; + } + else + break; + } + else if ((status >= rpc_s_mod) && (status <= (rpc_s_mod+4096))) + { + error_status_t reset_status; + + rpc_binding_reset(flserver_h[flserver_h_index], &reset_status); + if (reset_status) + DEBUG(0, ("dfsquota: flserver[%d] handle reset failed - %d\n", flserver_h_index, reset_status)); + } + + flserver_h_index = ((flserver_h_index + 1) % flserver_h_count); + } + + if (index == flserver_h_count) + { + DEBUG(0, ("dfsquota - all flservers failed\n")); + return 0; + } + + flserver_h_index = ((flserver_h_index + 1) % flserver_h_count); + + rpc_string_binding_compose(NULL, "ncadg_ip_udp", + inet_ntoa(((struct sockaddr_in *)(&fl_entry.siteAddr[0]))->sin_addr), + NULL, NULL, &string_binding, &status); + + if (status) + return 0; + + rpc_binding_from_string_binding(string_binding, &ftserver_h, &status); + rpc_string_free(&string_binding, &status2); + + if (status) + return 0; + + TRY + status = FTSERVER_GetOneVolStatus(ftserver_h, &fidp.Volume, + fl_entry.sitePartition[0], 0, &ft_status); + CATCH_ALL + status = THIS_CATCH->status.status; + ENDTRY; + + rpc_binding_free(&ftserver_h, &status2); + + if (status) + { + DEBUG(0, ("dfsquota: ftserver call failed - %d\n", status)); + return 0; + } + + ft_quota = ((0xffc00000 & 
(AFS_hgethi(ft_status.vsd.visQuotaLimit) << 22)) | (0x003fffff & (AFS_hgetlo(ft_status.vsd.visQuotaLimit) >> 10))); + + ft_used = ((0xffc00000 & (AFS_hgethi(ft_status.vsd.visQuotaUsage) << 22)) | (0x003fffff & (AFS_hgetlo(ft_status.vsd.visQuotaUsage) >> 10))); + + *bsize = 1024; + *dfree = (ft_quota - ft_used); + *dsize = ft_quota; + return 1; + } + + #endif + #endif diff -r -c samba-2.0.7/source/smbd/dosmode.c samba-2.0.7-dce-2.0/source/smbd/dosmode.c *** samba-2.0.7/source/smbd/dosmode.c Tue Apr 25 16:07:10 2000 --- samba-2.0.7-dce-2.0/source/smbd/dosmode.c Wed Jun 14 16:00:49 2000 *************** *** 122,129 **** DEBUG(8,("dos_mode: %s\n", path)); if ((sbuf->st_mode & S_IWUSR) == 0) ! result |= aRONLY; if (MAP_ARCHIVE(conn) && ((sbuf->st_mode & S_IXUSR) != 0)) result |= aARCH; --- 122,133 ---- DEBUG(8,("dos_mode: %s\n", path)); + #ifdef WITH_DFS + if (access(path, W_OK)) + #else if ((sbuf->st_mode & S_IWUSR) == 0) ! #endif ! result |= aRONLY; if (MAP_ARCHIVE(conn) && ((sbuf->st_mode & S_IXUSR) != 0)) result |= aARCH; diff -r -c samba-2.0.7/source/smbd/password.c samba-2.0.7-dce-2.0/source/smbd/password.c *** samba-2.0.7/source/smbd/password.c Tue Apr 25 16:07:11 2000 --- samba-2.0.7-dce-2.0/source/smbd/password.c Wed Jun 14 17:05:11 2000 *************** *** 425,433 **** use it (ie. does it exist in the smbpasswd file). */ DEBUG(4,("smb_password_ok: Checking NT MD4 password\n")); ! if (smb_password_check((char *)nt_pass, ! (uchar *)smb_pass->smb_nt_passwd, ! challenge)) { DEBUG(4,("NT MD4 password check succeeded\n")); return(True); } --- 425,438 ---- use it (ie. does it exist in the smbpasswd file). */ DEBUG(4,("smb_password_ok: Checking NT MD4 password\n")); ! ! #ifdef WITH_DCE_ENCRYPTED ! if (dce_smb_password_check(smb_pass->smb_name, challenge, nt_pass, 1)) ! #else ! if (smb_password_check((char *)nt_pass, (uchar *)smb_pass->smb_nt_passwd, challenge)) ! #endif ! { ! 
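Review bot: The `access(path, W_OK)` test in the WITH_DFS branch of the dosmode.c hunk sets aRONLY on any failure, not only on a permission denial, and access() evaluates permissions with the real uid/gid rather than the effective ones. If smbd has only switched its effective ids to the connected user at this point (not visible in the hunk), the attribute is computed for the wrong identity. Limiting the branch to the relevant errors keeps lookup failures from being reported as read-only: `if (access(path, W_OK) != 0 && (errno == EACCES || errno == EROFS))`. The enclosing function starts and ends outside the hunk, and the result is a snapshot for display only, so it should not be reused as an access decision.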
DEBUG(4,("NT MD4 password check succeeded\n")); return(True); } *************** *** 446,454 **** return True; } ! if((smb_pass->smb_passwd != NULL) && ! smb_password_check((char *)lm_pass, ! (uchar *)smb_pass->smb_passwd, challenge)) { DEBUG(4,("LM MD4 password check succeeded\n")); return(True); } --- 451,464 ---- return True; } ! #ifdef WITH_DCE_ENCRYPTED ! if((smb_pass->smb_passwd != NULL) && ! dce_smb_password_check(smb_pass->smb_name, challenge, lm_pass, 0)) ! #else ! if((smb_pass->smb_passwd != NULL) && ! smb_password_check((char *)lm_pass, (uchar *)smb_pass->smb_passwd, challenge)) ! #endif WITH_DCE_ENCRYPTED ! { DEBUG(4,("LM MD4 password check succeeded\n")); return(True); } *************** *** 529,534 **** --- 539,548 ---- return False; } + #ifdef WITH_DCE_ENCRYPTED + BOOL dce_update_encrypted_pw(char *user, char *password); + #endif + /**************************************************************************** check if a username/password pair is OK either via the system password database or the encrypted SMB password database *************** *** 553,559 **** return pass_check(user, password, pwlen, pwd, lp_update_encrypted() ? ! update_smbpassword_file : NULL); } /**************************************************************************** --- 567,580 ---- return pass_check(user, password, pwlen, pwd, lp_update_encrypted() ? ! #ifdef WITH_DCE_ENCRYPTED ! dce_update_encrypted_pw ! #else ! update_smbpassword_file ! #endif WITH_DCE_ENCRYPTED ! : NULL ! ); ! } /**************************************************************************** diff -r -c samba-2.0.7/source/smbd/quotas.c samba-2.0.7-dce-2.0/source/smbd/quotas.c *** samba-2.0.7/source/smbd/quotas.c Tue Apr 25 16:07:11 2000 --- samba-2.0.7-dce-2.0/source/smbd/quotas.c Wed Jun 14 16:23:22 2000 *************** *** 43,49 **** #endif /* VXFS_QUOTA */ ! #ifdef LINUX #include #include --- 43,53 ---- #endif /* VXFS_QUOTA */ ! #ifdef WITH_DFS ! ! 
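Review bot: In the WITH_DCE_ENCRYPTED branch of the first password.c hunk the NT response check is no longer a pure comparison. `dce_smb_password_check()`, as added earlier in this patch, calls `sec_login_set_context()` before it returns 1, so a successful check also replaces the DCE login context of the process. Nothing at the call site says so; a comment above the `#ifdef`, such as `/* on success this also installs the user's DCE login context for this process */`, would make it visible to anyone reusing smb_password_ok(). The local `smb_pass->smb_nt_passwd` hash is not consulted in this branch, so whatever guard surrounds this block outside the hunk still decides whether DCE is asked at all.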
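Review bot: `#endif WITH_DCE_ENCRYPTED` in the LM hunk carries a bare token after the directive, which is not valid ISO C and draws a warning or an error from stricter preprocessors; write it as `#endif /* WITH_DCE_ENCRYPTED */`. The same spelling appears in the later pass_check() hunk of this file. In the DCE branch the LM check is still gated on `smb_pass->smb_passwd != NULL`, although the local LM hash is never passed to `dce_smb_password_check()`, so whether DCE is consulted depends on the contents of the local smbpasswd entry. If that is intended it deserves a one-line comment, e.g. `/* local LM hash only gates the attempt; DCE verifies the response */`.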
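Review bot: Only `dce_update_encrypted_pw` gets a prototype in this hunk, while `dce_smb_password_check()` is called in the two earlier hunks of password.c with no declaration visible in the patch to this file. Unless a generated prototype header supplies one, the compiler treats the call as implicitly declared and does not check its four arguments, which are passed without the casts that the `smb_password_check()` calls use. Adding its prototype beside this one, copied from the definition, closes that gap. It is also worth confirming that `dce_update_encrypted_pw(char *user, char *password)` matches the callback type pass_check() expects, since the later hunk passes it in place of `update_smbpassword_file`.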
BOOL disk_quotas(char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize); ! ! #elif LINUX #include #include diff -r -c samba-2.0.7/source/smbd/server.c samba-2.0.7-dce-2.0/source/smbd/server.c *** samba-2.0.7/source/smbd/server.c Tue Apr 25 16:07:12 2000 --- samba-2.0.7-dce-2.0/source/smbd/server.c Wed Jun 14 16:16:59 2000 *************** *** 39,49 **** extern pstring user_socket_options; - #ifdef WITH_DFS - extern int dcelogin_atmost_once; - #endif /* WITH_DFS */ - - extern fstring remote_machine; extern pstring OriginalDir; --- 39,44 ---- *************** *** 411,420 **** respond_to_all_remaining_local_messages(); ! #ifdef WITH_DFS ! if (dcelogin_atmost_once) { ! dfs_unlogin(); ! } #endif if (!reason) { --- 406,413 ---- respond_to_all_remaining_local_messages(); ! #ifdef WITH_DCE ! dce_cleanup(); #endif if (!reason) {
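Review bot: `#elif LINUX` in the quotas.c hunk evaluates the macro's value, whereas the `#ifdef LINUX` it replaces only tested whether the macro was defined. If LINUX is defined with an empty value the directive is a preprocessor error, and if it is defined as 0 the Linux quota code is silently skipped; `#elif defined(LINUX)` keeps the original meaning. With WITH_DFS set, the platform quota code that follows in this conditional chain appears to be compiled out, so paths outside DFS would also go through the DFS `disk_quotas()`; a comment stating that this is intended would help. The rest of the chain is outside the hunk.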
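Review bot: `dce_cleanup()` in the second server.c hunk now runs on every exit whenever WITH_DCE is defined, where the removed code called `dfs_unlogin()` only if `dcelogin_atmost_once` was set. The function therefore has to be safe when no DCE login context was ever established, for example when the server exits before any session has authenticated; its body is outside this hunk, so that cannot be confirmed here. No prototype for it is visible in this file either. A comment at the call, such as `/* purge DCE credentials; must be a no-op if no login context exists */`, would record the requirement.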